A conventional approach to administering access privileges among employees within an organization involves manually setting the access privileges for each employee. For example, for a first employee in the human resources department of the organization, a human administrator may provide that employee with special privileges to access the organization's personnel records but no privileges to access the organization's financial information. Likewise, for a second employee in the accounting department of the organization, the human administrator may provide that employee with special privileges to access the organization's financial information but no privileges to access the organization's personnel records.
Additionally, suppose that the first employee transfers from the human resources department to the finance department (i.e., switches jobs). In this situation, the human administrator manually removes the first employee's special privileges to access the organization's personnel records and grants the first employee with special privileges to access the organization's financial information.